(提案)集群RECENT-26 - 22的候选人

下面的集群包含22个候选人宣布6/26/2000和6/30/2000之间。中列出的候选人优先秩序。优先级1和优先级2的候选人都应对不同层次的供应商确认,所以他们应该易于检查和可以信任的,是真实的问题。如果你发现任何RECENT-XX集群是不完整的对过程中发现的问题相关的时间框架,请发送信息给我,这样候选人可以被指定。——史蒂夫总结的选票使用(“严重程度”的按升序)- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -接受——选民接受候选人提出等待——选民对候选人没有意见修改选民想要改变一些小细节(例如参考/描述)审查-选民正在审查/研究候选人,或需要更多的信息,重塑候选人必须大幅修改,如分割或合并拒绝候选人不是“漏洞”,或重复等。1)请写你的投票在直线上,从“投票:”开始。如果你想添加评论或细节,在投票后将它们添加到线:线。2)如果你看到任何失踪的引用,请提及他们,使他们可以包括在内。在映射引用帮助极大。3)请注意,“修改”被视为一个“接受”当计算选票。所以如果你没有足够的信息对候选人但你不想等待,使用一个回顾。 ********** NOTE ********** NOTE ********** NOTE ********** NOTE ********** Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats. ================================= Candidate: CAN-2000-0585 Published: Final-Decision: Interim-Decision: Modified: Proposed: 20000719 Assigned: 20000719 Category: SF Reference: BUGTRAQ:20000624 Possible root exploit in ISC DHCP client. Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0247.html参考:OPENBSD: 20000624一个严重的错误在dhclient(8)可以从恶意dhcp服务器允许字符串作为根用户在shell中执行。参考网址:http://www.openbsd.org/errata.html dhclient参考:DEBIAN: 20000628 dhcp客户端:远程根利用dhcp客户端参考:网址:http://www.debian.org/security/2000/20000628参考:BUGTRAQ: 20000702[安全]宣布dhcp更新参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-07/0014.html参考:SUSE: 20000711安全漏洞在dhclient < 2.0参考:网址:http://www.suse.de/de/support/security/suse_security_announce_56.txt参考:XF: openbsd-isc-dhcp-bo参考:NETBSD: NETBSD - sa2000 - 008参考:网址:ftp://ftp.netbsd.org/pub/netbsd/misc/security/advisories/netbsd sa2000 txt.asc——008.参考:报价:1388参考:网址:http://www.securityfocus.com/bid/1388ISC DHCP客户端程序dhclient允许远程攻击者通过shell元字符执行任意命令。ED_PRI - 2000 - 0585 1投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0596:最终决定:阶段性裁决:修改:建议:20000719分配:20000719类别:科幻参考:BUGTRAQ: 20000627 IE 5和访问2000漏洞——执行程序参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=39589359.762392DB@nat.bg参考:BUGTRAQ: 20000627弗兰克-威廉姆斯:即2000和访问漏洞——执行程序参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=000d01bfe0fb f59b0 418美元96217 aa8@src.bu.edu参考:女士:ms00 - 049参考:网址:http://www.microsoft.com/technet/security/bulletin/ms00 - 049. - asp参考:XF: ie-access-vba-code-execute参考:报价:1398参考:网址:http://www.securityfocus.com/bid/1398Internet Explorer 5。x不警告用户在打开一个Microsoft Access数据库文件中引用ActiveX对象标签在HTML文档中,这可能允许远程攻击者执行任意命令,又名“IE脚本”的弱点。ED_PRI - 2000 - 0596 1投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0597:最终决定:阶段性裁决:修改:建议:20000719分配:20000719类别:科幻参考:BUGTRAQ: 20000627 IE 5和Excel 2000, PowerPoint 2000漏洞,执行程序参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=39589349.ED9DBCAB@nat.bg参考:女士:ms00 - 049参考:网址:http://www.microsoft.com/technet/security/bulletin/ms00 - 049. - asp参考:报价:1399参考:网址:http://www.securityfocus.com/bid/1399参考:XF: ie-powerpoint-activex-object-execute微软Office 2000 (Excel和PowerPoint)和PowerPoint 97被标记为安全的脚本,它允许远程攻击者强迫Internet Explorer或保存文件到任意位置的电子邮件客户端通过Visual Basic应用程序(VBA) SaveAs函数,又名“办公室HTML脚本”的弱点。ED_PRI - 2000 - 0597 1投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0616:最终决定:阶段性裁决:修改:建议:20000719分配:20000719类别:科幻参考:惠普:hpsbmp0006 - 007参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-06/0294.html参考:报价:1405参考:网址:http://www.securityfocus.com/bid/1405脆弱性在惠普TurboIMAGE DBUTIL通过DBUTIL.PUB.SYS允许本地用户获得更多的特权。ED_PRI - 2000 - 0616 1投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0582:最终决定:阶段性裁决:修改:建议:20000719分配:20000719类别:科幻参考:BUGTRAQ: 20000630 SecureXpert咨询(sx - 20000620 - 3)参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=pine.lnx.3.96.1000630162106.4619c - 100000 @fjord.fscinternet.com参考:XF: fw1-resource-overload-dos参考:报价:1416参考:网址:http://www.securityfocus.com/bid/1416检查防火墙1 4.0和4.1允许远程攻击者造成拒绝服务发送一串二进制零到SMTP服务器安全代理。ED_PRI - 2000 - 0582 2投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0583:最终决定:阶段性裁决:修改:建议:20000719分配:20000719类别:科幻参考:BUGTRAQ: 20000626 vpopmail-3.4.11问题参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=395BD2A8.5D3396A7@secureaustin.com参考:确认:http://www.vpopmail.cx/vpopmail-ChangeLog参考:报价:1418参考:网址:http://www.securityfocus.com/bid/1418vchkpw计划在4.8版本之前vpopmail不正确清洁一个不可信的格式字符串中使用syslog调用,它允许远程攻击者通过一个用户或引起拒绝服务传递命令包含任意格式指令。ED_PRI - 2000 - 0583 2投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0588:最终决定:阶段性裁决:修改:建议:20000719分配:20000719类别:科幻参考:BUGTRAQ: 20000626 sawmill5.0.21旧路径错误与弱散列算法参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-06/0271.html参考:BUGTRAQ: 20000706 Flowerfire锯木厂漏洞的补丁可用参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-07/0080.html参考:报价:1402参考:网址:http://www.securityfocus.com/bid/1402参考:XF: sawmill-file-access锯木厂5.0.21 CGI程序允许远程攻击者读取任意文件的第一行rfcf参数清单的文件,其内容锯木厂试图解析配置命令。ED_PRI - 2000 - 0588 2投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0568:最终决定:阶段性裁决:修改:建议:20000719分配:20000719类别:科幻参考:BUGTRAQ: 20000630多个漏洞Sybergen安全桌面参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=4125690E.00524395.00@guardianit.se参考:XF: sybergen-routing-table-modify参考:报价:1417参考:网址:http://www.securityfocus.com/bid/1417Sybergen安全桌面2.1不正确防范虚假路由器广告(ICMP类型9),它允许远程攻击者修改默认路由。ED_PRI - 2000 - 0568 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0569:最终决定:阶段性裁决:修改:建议:20000719分配:20000719类别:科幻参考:MISC:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q2/0189.html参考:报价:1420参考:网址:http://www.securityfocus.com/bid/1420Sybergen Sygate允许远程攻击者造成拒绝服务通过发送一个畸形的DNS UDP包的内部接口。ED_PRI - 2000 - 0569 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0570:最终决定:阶段性裁决:修改:建议:20000719分配:20000719类别:科幻参考:BUGTRAQ: 20000627 DoS在一流的互联网服务5.770参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-06/0295.html参考:XF: firstclass-large-bcc-dos参考:报价:1421参考:网址:http://www.securityfocus.com/bid/1421一流的互联网服务服务器允许远程攻击者造成拒绝服务长时间通过发送电子邮件:邮件标题。ED_PRI - 2000 - 0570 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0575:最终决定:阶段性裁决:修改:建议:20000719分配:20000719类别:科幻参考:BUGTRAQ: 20000630 Kerberos安全漏洞在SSH-1参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200007010511.BAA16944@syrinx.oankali.net参考:报价:1426参考:网址:http://www.securityfocus.com/bid/1426SSH 1.2.27使用Kerberos身份验证支持Kerberos票据存储在一个文件在当前目录中创建的用户登录,这可能允许远程攻击者嗅票缓存,如果主目录上安装NFS。ED_PRI - 2000 - 0575 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0580:最终决定:阶段性裁决:修改:建议:20000719分配:20000719类别:科幻参考:BUGTRAQ: 20000630 SecureXpert咨询(sx - 20000620 - 2)参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=pine.lnx.3.96.1000630161935.4619b - 100000 @fjord.fscinternet.com参考:XF: win2k-cpu-overload-dos参考:报价:1415参考:网址:http://www.securityfocus.com/bid/1415Windows 2000服务器允许远程攻击者造成拒绝服务发送一个连续的二进制零各种TCP和UDP端口,大大增加了CPU利用率。ED_PRI - 2000 - 0580 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0581:最终决定:阶段性裁决:修改:建议:20000719分配:20000719类别:科幻参考:BUGTRAQ: 20000630 SecureXpert咨询(sx - 20000620 - 1)参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=pine.lnx.3.96.1000630161841.4619a - 100000 @fjord.fscinternet.com参考:XF: win2k-telnetserver-dos参考:报价:1414参考:网址:http://www.securityfocus.com/bid/1414Windows 2000 Telnet服务器允许远程攻击者造成拒绝服务通过发送二进制零的连续流,导致服务器崩溃。ED_PRI - 2000 - 0581 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0586:最终决定:阶段性裁决:修改:建议:20000719分配:20000719类别:科幻参考:VULN-DEV: 20000628 dalnet 4.6.5远程漏洞参考:网址:http://archives.neohapsis.com/archives/vuln-dev/2000-q2/1092.html参考:XF: ircd-dalnet-summon-bo参考:报价:1404参考:网址:http://www.securityfocus.com/bid/1404缓冲区溢出在Dalnet IRC服务器4.6.5允许远程攻击者造成拒绝服务或通过召唤命令执行任意命令。ED_PRI - 2000 - 0586 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0587:最终决定:阶段性裁决:修改:建议:20000719分配:20000719类别:科幻参考:XF: glftpd-privpath-directive参考:BUGTRAQ: 20000626 Glftpd privpath虫子……+修复参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=pine.lnx.4.10.10006261041360.31907 - 200000 @twix.thrijswijk.nl参考:BUGTRAQ: 20000627 Re: Glftpd privpath虫子……+修复参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-06/0317.html参考:报价:1401参考:网址:http://www.securityfocus.com/bid/1401privpath指令在glftpd 1.18允许远程攻击者绕过访问限制目录使用文件名完成能力。ED_PRI - 2000 - 0587 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0589:最终决定:阶段性裁决:修改:建议:20000719分配:20000719类别:科幻参考:BUGTRAQ: 20000626 sawmill5.0.21旧路径错误与弱散列算法参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-06/0271.html参考:BUGTRAQ: 20000706 Flowerfire锯木厂漏洞的补丁可用参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-07/0080.html参考:报价:1403参考:网址:http://www.securityfocus.com/bid/1403参考:XF: sawmill-weak-encryption锯木厂5.0.21使用弱加密存储密码,它允许攻击者轻易解密密码和修改锯木厂配置。ED_PRI - 2000 - 0589 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0592:最终决定:阶段性裁决:修改:建议:20000719分配:20000719类别:科幻参考:BUGTRAQ: 20000627 (SPSadvisory # 37) WinProxy 2.0.0/2.0.1 DoS和可利用的缓冲区溢位参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200006271417.GFE84146.-BJXON@lac.co.jp参考:XF: winproxy-command-bo参考:报价:1400参考:网址:http://www.securityfocus.com/bid/1400缓冲区溢出的POP3服务WinProxy 2.0和2.0.1允许远程攻击者执行任意命令通过长期用户,通过,列表,RETR或删除命令。ED_PRI - 2000 - 0592 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0593:最终决定:阶段性裁决:修改:建议:20000719分配:20000719类别:科幻参考:BUGTRAQ: 20000627 (SPSadvisory # 37) WinProxy 2.0.0/2.0.1 DoS和可利用的缓冲区溢位参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200006271417.GFE84146.-BJXON@lac.co.jp参考:XF: winproxy-get-dos参考:报价:1400参考:网址:http://www.securityfocus.com/bid/1400WinProxy 2.0和2.0.1允许远程攻击者造成拒绝服务发送一个HTTP GET请求没有清单HTTP版本号。ED_PRI - 2000 - 0593 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0598:最终决定:阶段性裁决:修改:建议:20000719分配:20000719类别:科幻参考:BUGTRAQ: 20000626 + Telnet代理网关问题参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-06/0268.html参考:报价:1395参考:网址:http://www.securityfocus.com/bid/1395参考:XF: fortech-proxy-telnet-gateway参考:XF: proxyplus-telnet-gateway Fortech代理+允许远程攻击者绕过访问限制为管理服务通过重定向连接通过telnet代理。ED_PRI - 2000 - 0598 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0599:最终决定:阶段性裁决:修改:建议:20000719分配:20000719类别:科幻参考:BUGTRAQ: 20000629 iMesh 1.02脆弱性参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-06/0335.html参考:XF: imesh-tcp-port-overflow参考:报价:1407参考:网址:http://www.securityfocus.com/bid/1407缓冲区溢出iMesh 1.02允许远程攻击者执行任意命令通过一个长字符串iMesh端口。ED_PRI - 2000 - 0599 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0600:最终决定:阶段性裁决:修改:建议:20000719分配:20000719类别:科幻参考:BUGTRAQ: 20000626网景企业服务器为网络虚拟目录Vulnerab为参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-06/0264.html参考:报价:1393参考:网址:http://www.securityfocus.com/bid/1393参考:XF: netscape-virtual-directory-bo参考:XF: netscape-enterprise-netware-bo网景企业服务器在网络5.1允许远程攻击者造成拒绝服务或执行任意命令通过一个畸形的URL。ED_PRI - 2000 - 0600 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0612:最终决定:阶段性裁决:修改:建议:20000719分配:20000719类别:科幻参考:BUGTRAQ: 20000629车ARP Windoze参考处理:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=395B7E64.9FB3D4DB@starzetz.de参考:XF: win-arp-spoofing参考:报价:1406参考:网址:http://www.securityfocus.com/bid/1406Windows 95, Windows 98不妥善处理欺骗ARP数据包,它允许远程攻击者覆盖静态缓存表中的条目。ED_PRI - 2000 - 0612 3投票: